Is it possible to pass an SSL certificate to the postgres adapter? I'm trying to connect to RDS over SSL as described here:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html
I've tried passing it in the connection string with ?sslmode=require&sslrootcert=path/to/cert.pem - this works locally and is also accessible during the Next.js build, but production API routes cannot access the cert:
ENOENT: no such file or directory, open 'path/to/cert.pem'
I've had a look at the adapter but can't see where I could pass the cert as base64 directly to the adapter as you can with drizzle, something like this:
db: postgresAdapter({
  pool: {
    connectionString: process.env.POSTGRES_URI || '',
    ssl: {
      ca: sslCertAsBase64,
    },
  },
}),
Is this possible?
On -beta.3
You solved this?
Did the base64 path work?
No, but I haven't been playing with it since this morning.
I'm about to start tinkering again so I'll let you know how it goes
Sounds good!
Some progress - the ssl pool options weren't working because the URI contained "sslmode=require".
If the connection string contains any ssl settings (including sslcert, sslkey, sslrootcert, or sslmode), it overwrites the ssl object.
import fs from 'fs'

// Read the CA bundle from disk as a PEM string
const sslCert = fs.readFileSync('path/to/bundle.pem').toString()
...
db: postgresAdapter({
  pool: {
    connectionString: process.env.POSTGRES_URI || '',
    ssl: {
      // false: the connection is accepted even if the server certificate fails verification against ca
      rejectUnauthorized: false,
      ca: sslCert,
    },
  },
}),
The cert is now passed correctly via the ssl object and works in local development.
The api routes still can't see the certificate bundle, but that first step I think makes the problem easier to solve.
Ok so I encoded the bundle as base64, whacked it into env variables and converted that to a utf-8 buffer.
const base64Cert = process.env.SSL_CERT_BASE64
const decodedCert = Buffer.from(base64Cert || '', 'base64').toString('utf-8')
works perfectly.
I didn't love the solution at first - I would rather have a hot swappable .pem that gets bundled into the config, but that's probably not possible with serverless... BUT, with Vercel's shared Environment Variables, I can enter this once and replicate it across multiple projects using RDS, which is nice. Also allows for easy update!
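An added example (not code from the thread or from Payload) that combines the two findings above: SSL parameters in the URI override the `ssl` object, and the CA bundle travels as base64 in an environment variable. The helper names and sample values are assumptions; unlike the thread's config it keeps `rejectUnauthorized: true`, and it fails closed when the variable is unset or holds no certificate.

```javascript
// Added example; the helper names below are hypothetical, not Payload or pg APIs.
// Query parameters the thread reports as overriding the `ssl` object.
const SSL_PARAMS = ['sslmode', 'sslcert', 'sslkey', 'sslrootcert'];
const PEM_CERT = /-----BEGIN CERTIFICATE-----[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----/g;

// Remove SSL query parameters so the explicit `ssl` object is the only TLS config.
function stripSslParams(connectionString) {
  const url = new URL(connectionString);
  const removed = SSL_PARAMS.filter((p) => url.searchParams.has(p));
  removed.forEach((p) => url.searchParams.delete(p));
  return { connectionString: url.toString(), removed };
}

// Decode a base64-encoded PEM bundle. Buffer.from() silently skips invalid
// base64, so check the PEM framing (not the X.509 content) and throw otherwise.
function decodeCaBundle(base64Bundle) {
  if (!base64Bundle) throw new Error('CA bundle variable is empty or unset');
  const pem = Buffer.from(base64Bundle, 'base64').toString('utf-8');
  const certs = pem.match(PEM_CERT) || [];
  if (certs.length === 0) throw new Error('decoded value holds no PEM certificate');
  return { pem, count: certs.length };
}

// Build the object passed as `pool` to postgresAdapter({ pool: ... }).
function buildPoolConfig(connectionString, base64Bundle) {
  const cleaned = stripSslParams(connectionString);
  const bundle = decodeCaBundle(base64Bundle);
  return {
    connectionString: cleaned.connectionString,
    // Assumption of this example: the bundle contains the CA that signed the
    // server certificate, so verification stays enabled.
    ssl: { ca: bundle.pem, rejectUnauthorized: true },
  };
}

// Constructed sample input: placeholder host, credentials and certificate body.
const SAMPLE_URI =
  'postgres://app:secret@db.example.internal:5432/app?sslmode=require&sslrootcert=path/to/cert.pem';
const SAMPLE_PEM =
  '-----BEGIN CERTIFICATE-----\nTUlJQ29uc3RydWN0ZWRQbGFjZWhvbGRlcg==\n-----END CERTIFICATE-----\n';
const SAMPLE_B64 = Buffer.from(SAMPLE_PEM.repeat(2), 'utf-8').toString('base64');

console.log(buildPoolConfig(SAMPLE_URI, SAMPLE_B64).connectionString);
```

In a real config the two arguments would be `process.env.POSTGRES_URI` and `process.env.SSL_CERT_BASE64`, the variable names used in the thread.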